XDPeXpress Data Path

Introduction to XDP

XDP or eXpress Data Path provides a high performance, programmable network data path in the Linux kernel as part of the IO Visor Project. XDP provides bare metal packet processing at the lowest point in the software stack which makes it ideal for speed without compromising programmability. Furthermore, new functions can be implemented dynamically with the integrated fast path without kernel modification. Other key benefits of XDP includes the following:

It does not require any specialized hardware

It does not required kernel bypass

It does not replace the TCP/IP stack

It works in concert with TCP/IP stack along with all the benefits of BPF

XDP Packet Processing Overview

The XDP packet process includes an in kernel component that processes RX packet-pages directly out of driver via a functional interface without early allocation of skbuff’s or software queues. Normally, one CPU is assigned to each RX queue but in this model, there is no locking RX queue, and CPU can be dedicated to busy poll or interrupt model. BPF programs performs processing such as packet parsing, table look ups, creating/managing stateful filters, encap/decap packets, etc.

The extensibility of BPF is kept intact with packet inspection and manipulation functions, flow and table lookups, and application processing leveraging BPF programs which are portable to userspace and other operating systems.

XDP and DPDK

XDP is sometimes juxtaposed with DPDK when both are perfectly fine approaches. XDP offers another option for users who want performance while still leveraging the programmability of the kernel. Some of the functions that XDP delivers include the following:

Removes the need for 3rd party code and licensing

Allows option of busy polling or interrupt driven networking

Removes the need to allocate large pages

Removes the need for dedicated CPUs as users have more options on structuring work between CPUs

Removes the need to inject packets into the kernel from a 3rd party user space application

Removes the need to define a new security model for accessing networking hardware